From: Johan Hovold <johan@kernel.org>
Date: Tue, 3 Jan 2017 15:39:40 +0000 (+0100)
Subject: USB: serial: cyberjack: fix NULL-deref at open
X-Git-Tag: v3.2.87~137
X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?p=pandora-kernel.git;a=commitdiff_plain;h=9c44811bd33d5b07d1eb5ee60a5e227971a11ffe;ds=sidebyside

USB: serial: cyberjack: fix NULL-deref at open

commit 3dca01114dcecb1cf324534cd8d75fd1306a516b upstream.

Fix NULL-pointer dereference when clearing halt at open should the device
lack a bulk-out endpoint.

Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at cyberjack_open+0x40/0x9c [cyberjack]

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
[bwh: Backported to 3.2: add this check to the existing
 usb_serial_driver::attach implementation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

diff --git a/drivers/usb/serial/cyberjack.c b/drivers/usb/serial/cyberjack.c
index f744ab7a3b19..2cf85872e938 100644
--- a/drivers/usb/serial/cyberjack.c
+++ b/drivers/usb/serial/cyberjack.c
@@ -122,6 +122,9 @@ static int cyberjack_startup(struct usb_serial *serial)
 
 	dbg("%s", __func__);
 
+	if (serial->num_bulk_out < serial->num_ports)
+		return -ENODEV;
+
 	/* allocate the private data structure */
 	priv = kmalloc(sizeof(struct cyberjack_private), GFP_KERNEL);
 	if (!priv)